NGINX Ingress doesnt use TrafficSplit (North-South)
xavipanda opened this issue · 1 comments
Hi,
I deployed nginx-service-mesh, and works good. Created some TrafficSplit around and the pods within the mesh (west-east) gets load balanced by the trafficsplit.
The problem is that NGINX ingress (non plus) seems to ignore at all the TrafficSplit.
I've tried to make this work with flagger, but also no lucky.. the ingress doesn't sends traffic at all to the canary (even creating a manual TrafficSplit)
I followed all the docs and tried everything around... any idea??
Is North-South only a NGINX Plus feature or what ????
version: 0.9.1
TrafficSplit SMI
apiVersion: split.smi-spec.io/v1alpha3
kind: TrafficSplit
metadata:
generation: 3
name: svcinfo
namespace: canary
spec:
backends:
- service: svcinfo
weight: 90
- service: svcinfo-canary
weight: 10
service: svcinfo
Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
labels:
app: svcinfo
name: svcinfo
namespace: canary
spec:
rules:
- host: something.com
http:
paths:
- backend:
serviceName: svcinfo
servicePort: 80
Flagger CRD
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: svcinfo
namespace: canary
spec:
provider: nginx
# deployment reference
targetRef:
apiVersion: apps/v1
kind: Deployment
name: svcinfo
ingressRef:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: svcinfo
autoscalerRef:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: svcinfo
progressDeadlineSeconds: 60
service:
port: 80
targetPort: 9898
analysis:
interval: 10s
threshold: 10
maxWeight: 50
stepWeight: 5
metrics:
- name: request-success-rate
# minimum req success rate (non 5xx responses)
# percentage (0-100)
thresholdRange:
min: 99
interval: 1m
Traffic West-East: (balance with canary)
"hostname": "svcinfo-primary-84469b949f-jldnw",
"hostname": "svcinfo-primary-84469b949f-jwmqs",
"hostname": "svcinfo-primary-84469b949f-jldnw",
"hostname": "svcinfo-79996f9b76-zt5v6",
"hostname": "svcinfo-primary-84469b949f-jwmqs",
"hostname": "svcinfo-primary-84469b949f-jldnw",
Traffic North-South: (always same)
"hostname": "svcinfo-primary-84469b949f-jldnw",
"hostname": "svcinfo-primary-84469b949f-jldnw",
"hostname": "svcinfo-primary-84469b949f-jwmqs",
"hostname": "svcinfo-primary-84469b949f-jldnw",
any help ?
@xavipanda Thanks for the feedback on NGINX Service Mesh (NSM); glad it's working well for E/W. :) I believe the non-plus version of NGINX Ingress Controller does support traffic splits, but since NSM only supports direct integration with NGINX Plus Ingress Controller then I don't know how much help we can be with configuring non-plus. Your best bet is to reach out with an issue on that repo for help on traffic splitting: https://github.com/nginxinc/kubernetes-ingress/issues
Assuming it does work, the non-plus Ingress Controller won't be able to participate in mTLS certificate exchange with NSM so you'll need to route traffic from ingress to a service in NSM that supports receiving non-mTLS traffic (setting mTLS to permissive or off).
Hope that helps.